Weekly Vulnerabilities Reports > November 15 to 21, 2010

Overview

62 new vulnerabilities reported during this period, including 5 critical vulnerabilities and 14 high severity vulnerabilities. This weekly summary report vulnerabilities in 48 products from 26 vendors including Apple, Camtron, Tecvoz, Redhat, and Joomla. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "SQL Injection", "Resource Management Errors", and "Path Traversal".

  • 58 reported vulnerabilities are remotely exploitables.
  • 11 reported vulnerabilities have public exploit available.
  • 13 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 54 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 39 reported vulnerabilities.
  • Camtron has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-17 CVE-2010-4233 Camtron
Tecvoz
Credentials Management vulnerability in multiple products

The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.

10.0
2010-11-17 CVE-2010-4232 Camtron
Tecvoz
Improper Authentication vulnerability in multiple products

The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.

10.0
2010-11-17 CVE-2010-4230 Camtron
Tecvoz
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.

9.3
2010-11-15 CVE-2010-1842 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a bidirectional text string with ellipsis truncation.

9.3
2010-11-15 CVE-2010-1841 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted UDIF image.

9.3

14 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-15 CVE-2010-2892 Landesk Improper Input Validation vulnerability in Landesk Management Gateway

gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and 4.2 through 4.2-1.8 allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the DRIVES parameter, as demonstrated by a cross-site request forgery (CSRF) attack.

8.5
2010-11-17 CVE-2010-4107 HP Path Traversal vulnerability in HP products

The default configuration of the PJL Access value in the File System External Access settings on HP LaserJet MFP printers, Color LaserJet MFP printers, and LaserJet 4100, 4200, 4300, 5100, 8150, and 9000 printers enables PJL commands that use the device's filesystem, which allows remote attackers to read arbitrary files via a command inside a print job, as demonstrated by a directory traversal attack.

7.8
2010-11-17 CVE-2010-4234 Camtron
Tecvoz
Resource Management Errors vulnerability in multiple products

The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to cause a denial of service (device reboot) via a large number of requests in a short time interval.

7.8
2010-11-17 CVE-2010-4231 Camtron
Tecvoz
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in the web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to read arbitrary files via a ..

7.8
2010-11-16 CVE-2010-1843 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted PIM packet.

7.8
2010-11-17 CVE-2010-3864 Openssl Race Condition vulnerability in Openssl

Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through 0.9.8o, 1.0.0, and 1.0.0a, when multi-threading and internal caching are enabled on a TLS server, might allow remote attackers to execute arbitrary code via client data that triggers a heap-based buffer overflow, related to (1) the TLS server name extension and (2) elliptic curve cryptography.

7.6
2010-11-17 CVE-2010-4273 Accimoveis SQL Injection vulnerability in Accimoveis Descargarvista ACC Imoveis 1.1

SQL injection vulnerability in imoveis.php in DescargarVista ACC IMoveis 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2010-11-17 CVE-2010-4272 Pulseinfotech
Joomla
SQL Injection vulnerability in Pulseinfotech COM Sponsorwall 1.1

SQL injection vulnerability in the Pulse Infotech Sponsor Wall (com_sponsorwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2010-11-17 CVE-2010-4271 Impresscms SQL Injection vulnerability in Impresscms

SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5
2010-11-17 CVE-2010-4269 O DYN SQL Injection vulnerability in O-Dyn Collabtive 0.6.5

SQL injection vulnerability in managechat.php in Collabtive 0.65 allows remote attackers to execute arbitrary SQL commands via the chatstart[USERTOID] cookie in a pull action.

7.5
2010-11-17 CVE-2010-4268 Pulseinfotech
Joomla
SQL Injection vulnerability in Pulseinfotech COM Flipwall 1.1

SQL injection vulnerability in the Pulse Infotech Flip Wall (com_flipwall) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

7.5
2010-11-15 CVE-2010-1840 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in the password-validation functionality in Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors.

7.5
2010-11-15 CVE-2010-1378 Apple Cryptographic Issues vulnerability in Apple mac OS X

OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform arithmetic, which allows remote attackers to bypass X.509 certificate authentication via an arbitrary certificate issued by a legitimate Certification Authority.

7.5
2010-11-16 CVE-2010-1844 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (memory consumption and system crash) via a crafted image.

7.1

42 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-17 CVE-2010-4159 Mono Local Privilege Escalation vulnerability in Mono 'loader.c' Library Loading

Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory.

6.9
2010-11-16 CVE-2010-4010 Apple Numeric Errors vulnerability in Apple mac OS X and mac OS X Server

Integer signedness error in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 allows remote attackers to execute arbitrary code via a crafted embedded Compact Font Format (CFF) font in a document.

6.8
2010-11-16 CVE-2010-3798 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted xar archive.

6.8
2010-11-16 CVE-2010-3795 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of GIF image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted GIF file.

6.8
2010-11-16 CVE-2010-3794 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of FlashPix image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted FlashPix file.

6.8
2010-11-16 CVE-2010-3793 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Sorenson movie file.

6.8
2010-11-16 CVE-2010-3792 Apple Numeric Errors vulnerability in Apple mac OS X, mac OS X Server and Quicktime

Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

6.8
2010-11-16 CVE-2010-3791 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime

Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG movie file.

6.8
2010-11-16 CVE-2010-3790 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted movie file that causes an image sample transformation to scale a sprite outside a buffer boundary.

6.8
2010-11-16 CVE-2010-3789 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X, mac OS X Server and Quicktime

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted AVI file.

6.8
2010-11-16 CVE-2010-3788 Apple Improper Input Validation vulnerability in Apple mac OS X, mac OS X Server and Quicktime

QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses uninitialized memory locations during processing of JP2 image data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 file.

6.8
2010-11-16 CVE-2010-3787 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted JP2 image.

6.8
2010-11-16 CVE-2010-3786 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Excel file.

6.8
2010-11-16 CVE-2010-3785 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft Office document.

6.8
2010-11-16 CVE-2010-3783 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X Server

Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly perform replication, which allows remote authenticated users to bypass verification of the current password via unspecified vectors.

6.8
2010-11-16 CVE-2010-1846 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted RAW image.

6.8
2010-11-16 CVE-2010-1845 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted PSD image.

6.8
2010-11-15 CVE-2010-1837 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a PDF document.

6.8
2010-11-15 CVE-2010-1836 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document.

6.8
2010-11-15 CVE-2010-1833 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted embedded font in a document.

6.8
2010-11-15 CVE-2010-1832 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a crafted embedded font in a document.

6.8
2010-11-15 CVE-2010-1831 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to execute arbitrary code via a long name of an embedded font in a document.

6.8
2010-11-17 CVE-2010-4215 Foswiki Permissions, Privileges, and Access Controls vulnerability in Foswiki 1.1.0/1.1.1

UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated users to gain privileges by modifying the GROUP and ALLOWTOPICCHANGE preferences in the topic preferences for Main.AdminGroup.

6.5
2010-11-15 CVE-2010-1829 Apple Path Traversal vulnerability in Apple mac OS X and mac OS X Server

Directory traversal vulnerability in AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to execute arbitrary code by creating files that are outside the bounds of a share.

6.0
2010-11-17 CVE-2010-3868 Redhat Improper Authentication vulnerability in Redhat Certificate System and Dogtag Certificate System

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System do not require authentication for requests to decrypt SCEP one-time PINs, which allows remote attackers to obtain PINs by sniffing the network for SCEP requests and then sending decryption requests to the Certificate Authority component.

5.8
2010-11-15 CVE-2010-1834 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly validate the domains of cookies, which makes it easier for remote web servers to track users by setting a cookie that is associated with a partial IP address.

5.8
2010-11-17 CVE-2010-4168 Openttd Resource Management Errors vulnerability in Openttd

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmission of the map from the server, related to network/network_server.cpp; (2) remote attackers to cause a denial of service (invalid read and daemon crash) by abruptly disconnecting, related to network/network_server.cpp; and (3) remote servers to cause a denial of service (invalid read and application crash) by forcing a disconnection during the join process, related to network/network.cpp.

5.0
2010-11-17 CVE-2010-3978 Spreecommerce Information Exposure vulnerability in Spreecommerce Spree 0.11.0/0.11.1/0.30.0

Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data using JavaScript Object Notation (JSON) without a mechanism for validating requests, which allows remote attackers to obtain sensitive information via vectors involving (1) admin/products.json, (2) admin/users.json, or (3) admin/overview/get_report_data, related to a "JSON hijacking" issue.

5.0
2010-11-17 CVE-2010-4270 Netshinesoftware
Joomla
Path Traversal vulnerability in Netshinesoftware COM Netinvoice

Directory traversal vulnerability in the nBill (com_netinvoice) component before 2.0.9 standard edition, 2.0.10 lite edition, and 1.2_10 for Joomla! allows remote attackers to read arbitrary files via directory traversal sequences in unspecified vectors related to (1) administrator/components/com_nbill/admin.nbill.php, (2) components/com_nbill/nbill.php, (3) administrator/components/com_netinvoice/admin.netinvoice.php, or (4) components/com_netinvoice/netinvoice.php, as exploited in the wild in November 2010.

5.0
2010-11-16 CVE-2010-3784 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The PMPageFormatCreateWithDataRepresentation API in Printing in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle XML data, which allows attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified API calls.

5.0
2010-11-15 CVE-2010-1830 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates different error messages depending on whether a share exists, which allows remote attackers to enumerate valid share names via unspecified vectors.

5.0
2010-11-15 CVE-2010-1828 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon restart) via crafted reconnect authentication packets.

5.0
2010-11-16 CVE-2010-1847 Apple Resource Management Errors vulnerability in Apple mac OS X and mac OS X Server

The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly perform memory management associated with terminal devices, which allows local users to cause a denial of service (system crash) via unspecified vectors.

4.9
2010-11-17 CVE-2010-4274 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Director Agent 6.2.0

reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 has 754 permissions, which allows local users to gain privileges by leveraging system group membership.

4.4
2010-11-15 CVE-2010-1838 Apple Improper Authentication vulnerability in Apple mac OS X and mac OS X Server

Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not properly handle errors associated with disabled mobile accounts, which allows remote attackers to bypass authentication by providing a valid account name.

4.4
2010-11-17 CVE-2010-4008 Xmlsoft
Apple
Google
Debian
Canonical
Redhat
Opensuse
Suse
Apache
Buffer Errors vulnerability in Google Chrome

libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, Apple Safari 5.0.2 and earlier, and other products, reads from invalid memory locations during processing of malformed XPath expressions, which allows context-dependent attackers to cause a denial of service (application crash) via a crafted XML document.

4.3
2010-11-16 CVE-2010-3796 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not block Java applets in an RSS feed, which allows remote attackers to obtain sensitive information via a feed: URL containing an applet that performs DOM modifications.

4.3
2010-11-15 CVE-2010-1803 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify the unique identifier of its remote AFP volume, which allows remote attackers to obtain sensitive information by spoofing this volume.

4.3
2010-11-15 CVE-2010-0113 Symantec
Google
Credentials Management vulnerability in Symantec Mobile Security 1.0

The Symantec Norton Mobile Security application 1.0 Beta for Android records setup details, possibly including wipe/lock credentials, in the device logs, which allows user-assisted remote attackers to obtain potentially sensitive information by leveraging the ability of a separate crafted application to read these logs.

4.3
2010-11-17 CVE-2010-3869 Redhat Cryptographic Issues vulnerability in Redhat Certificate System and Dogtag Certificate System

Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate System allow remote authenticated users to generate an arbitrary number of certificates by replaying a single SCEP one-time PIN.

4.0
2010-11-17 CVE-2010-4011 Apple Information Exposure vulnerability in Apple mac OS X Server 10.6.5

Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage memory for user names, which allows remote authenticated users to read the private e-mail of other persons in opportunistic circumstances via standard e-mail clients accessing a user's own mailbox, related to a "memory aliasing issue." Per: http://lists.apple.com/archives/security-announce/2010//Nov/msg00001.html 'Dovecot is only provided with Mac OS X Server systems.

4.0
2010-11-15 CVE-2010-2638 IBM Resource Management Errors vulnerability in IBM Websphere MQ

Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 allows remote authenticated users to cause a denial of service (disk consumption) via vectors that trigger an FDC with an RM680004 Probe Id value.

4.0

1 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2010-11-16 CVE-2010-3797 Apple Cross-Site Scripting vulnerability in Apple mac OS X Server

Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

3.5